CVE-2025-67851 - Vulnerability Details - OpenCVE

A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to compromised data integrity and unintended operations within the spreadsheet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00094.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2025-67851
https://bugzilla.redhat.com/show_bug.cgi?id=2423841
https://moodle.org/mod/forum/discuss.php?d=471301

History

Tue, 03 Feb 2026 13:15:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to compromised data integrity and unintended operations within the spreadsheet.
Title		Moodle: moodle: formula injection allows arbitrary formula execution via unescaped data export
Weaknesses		CWE-1236
References		https://access.redhat.com/security/cve/CVE-2025-67851 https://bugzilla.redhat.com/show_bug.cgi?id=2423841 https://moodle.org/mod/forum/discuss.php?d=471301
Metrics		cvssV3_1 `{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L'}`

MITRE

Status: PUBLISHED

Assigner: fedora

Published: 2026-02-03T10:52:06.974Z

Updated: 2026-02-03T10:52:06.974Z

Reserved: 2025-12-12T13:00:24.330Z

Link: CVE-2025-67851

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-02-03T11:15:55.367

Modified: 2026-02-03T11:15:55.367

Link: CVE-2025-67851

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-67851", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "state": "PUBLISHED", "assignerShortName": "fedora", "dateReserved": "2025-12-12T13:00:24.330Z", "datePublished": "2026-02-03T10:52:06.974Z", "dateUpdated": "2026-02-03T10:52:06.974Z"}, "containers": {"cna": {"title": "Moodle: moodle: formula injection allows arbitrary formula execution via unescaped data export", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to compromised data integrity and unintended operations within the spreadsheet."}], "affected": [{"versions": [{"status": "affected", "version": "4.1.0", "lessThan": "4.1.22", "versionType": "semver"}, {"status": "affected", "version": "4.4.0", "lessThan": "4.4.12", "versionType": "semver"}, {"status": "affected", "version": "4.5.0", "lessThan": "4.5.8", "versionType": "semver"}, {"status": "affected", "version": "5.0.0", "lessThan": "5.0.4", "versionType": "semver"}, {"status": "affected", "version": "5.1.0", "lessThan": "5.1.1", "versionType": "semver"}], "packageName": "moodle", "collectionURL": "https://github.com/moodle/moodle/", "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-67851", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423841", "name": "RHBZ#2423841", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://moodle.org/mod/forum/discuss.php?d=471301"}], "datePublic": "2025-12-15T04:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-1236", "description": "Improper Neutralization of Formula Elements in a CSV File", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-1236: Improper Neutralization of Formula Elements in a CSV File", "timeline": [{"lang": "en", "time": "2025-12-19T12:09:09.750000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-12-15T04:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Brendan Heywood for reporting this issue."}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2026-02-03T10:52:06.974Z"}}}}